{ "platform": { "platform_id": "central", "setups_root": "/data/opt", "remote_data_root_directory": "/data", "remote_logs_root_directory": "/var/log/punchplatform", "punchplatform_daemons_user": "punchplatform", "punchplatform_group": "punchplatform", "binaries_version": "punch-binaries-6.4.5", "platform_local_credentials_dir": "./security", "platform_ca_name": "fullchain.crt", "platform_truststore_name": "truststore.jks", "platform_truststore_password": "@{DEPLOYMENT_SECRETS.platform.truststore_password}", "punch_commands": { "security": { "kafka_clients": { "kafka_front": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.kafka.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.kafka.keystore_password}" }, "kafka_back": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.kafka.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.kafka.keystore_password}" } }, "elasticsearch_clients": { "es_data": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.keystore_password}", "credentials": { "username": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.username}", "password": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.password}" } }, "es_monitoring": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.keystore_password}", "credentials": { "username": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.username}", "password": "@{PUNCHPLATFORM_RUNTIME_SECRETS.elasticsearch.password}" } } }, "zookeeper_clients": { "zk_front": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.zookeeper.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.zookeeper.keystore_password}" }, "zk_back": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.zookeeper.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.zookeeper.keystore_password}" } }, "gateway_clients": { "gateway_main": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.gateway.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.gateway.keystore_password}" }, "gateway_backup": { "ssl_enabled": true, "ssl_truststore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl_truststore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.gateway.truststore_password}", "ssl_keystore_location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl_keystore_pass": "@{PUNCHPLATFORM_RUNTIME_SECRETS.gateway.keystore_password}" } } } } }, "reporters": { "central_reporter": { "type": "kafka", "brokers": "kafka_back", "topic": "platform-monitoring", "reporting_interval": 30, "encoding": "json", "security.protocol": "SSL", "ssl.truststore.location": "@{PUNCHPLATFORM_SECRETS_DIR}/truststore.jks", "ssl.truststore.password": "@{PUNCHPLATFORM_RUNTIME_SECRETS.kafka.truststore_password}", "ssl.keystore.location": "@{PUNCHPLATFORM_SECRETS_DIR}/server.jks", "ssl.keystore.password": "@{PUNCHPLATFORM_RUNTIME_SECRETS.kafka.keystore_password}" } }, "zookeeper": { "zookeeper_version": "apache-zookeeper-3.7.0-bin", "zookeeper_nodes_production_interface": "ens3", "zookeeper_childopts": "-server -Xmx256m -Xms256m", "clusters": { "zk_front": { "hosts": [ "centralfront1" ], "cluster_port": 2181, "peer_port": 2888, "election_port": 3888, "punchplatform_root_node": "/central-front", "ssl_enabled": true, "zk_client_auth": "need", "keystore_name": "server.jks", "keystore_password": "@{DEPLOYMENT_SECRETS.zookeeper.keystore_password}" }, "zk_back": { "hosts": [ "centralback1" ], "cluster_port": 2181, "peer_port": 2888, "election_port": 3888, "punchplatform_root_node": "/central-back", "ssl_enabled": true, "zk_client_auth": "need", "keystore_name": "server.jks", "keystore_password": "@{DEPLOYMENT_SECRETS.zookeeper.keystore_password}" } } }, "kafka": { "kafka_version": "kafka_2.12-2.8.1", "kafka_brokers_production_interface": "ens3", "clusters": { "kafka_front": { "brokers_with_ids": [ { "id": 1, "broker": "centralfront2:9092" } ], "zk_cluster": "zk_front", "zk_root": "kafka-front", "brokers_config": "punchplatform-front-server.properties", "default_replication_factor": 1, "default_partitions": 1, "partition_retention_bytes": 173741824, "partition_retention_hours": 12, "kafka_brokers_jvm_xmx": "512M", "ssl_enabled": true, "keystore_name": "server.jks", "keystore_password": "@{DEPLOYMENT_SECRETS.kafka.keystore_password}" }, "kafka_back": { "brokers_with_ids": [ { "id": 1, "broker": "centralback2:9092" } ], "zk_cluster": "zk_back", "zk_root": "kafka-back", "brokers_config": "punchplatform-back-server.properties", "default_replication_factor": 1, "default_partitions": 1, "partition_retention_bytes": 173741824, "partition_retention_hours": 12, "kafka_brokers_jvm_xmx": "512M", "ssl_enabled": true, "keystore_name": "server.jks", "keystore_password": "@{DEPLOYMENT_SECRETS.kafka.keystore_password}" } } }, "shiva": { "shiva_version": "punch-shiva-6.4.5", "clusters": { "shiva_front": { "reporters": [ "central_reporter" ], "storage": { "type": "kafka", "kafka_cluster": "kafka_front" }, "ssl_enabled": true, "keystore_name": "server.jks", "keystore_password": "@{DEPLOYMENT_SECRETS.shiva.keystore_password}", "custom_secrets_file": "shiva_secrets.json", "custom_additional_credentials_files": [ "server.jks", "truststore.jks", "fullchain.crt", "server.pem", "server.crt", "fullchain-collector.crt" ], "servers": { "centralfront1": { "runner": true, "can_be_master": true, "tags": [ "shiva_front" ] }, "centralfront2": { "runner": true, "can_be_master": false, "tags": [ "shiva_front" ] } }, "shiva_cluster_jvm_xmx": "256M" }, "shiva_back": { "reporters": [ "central_reporter" ], "storage": { "type": "kafka", "kafka_cluster": "kafka_back" }, "ssl_enabled": true, "keystore_name": "server.jks", "keystore_password": "@{DEPLOYMENT_SECRETS.shiva.keystore_password}", "custom_secrets_file": "shiva_secrets.json", "custom_additional_credentials_files": [ "server.jks", "truststore.jks", "fullchain.crt", "server.pem", "server.crt" ], "servers": { "centralback1": { "runner": true, "can_be_master": true, "tags": [ "shiva_back" ] }, "centralback2": { "runner": true, "can_be_master": false, "tags": [ "shiva_back" ] } }, "shiva_cluster_jvm_xmx": "256M" } } }, "elasticsearch": { "elasticsearch_version": "7.10.2", "clusters": { "es_data": { "nodes": { "centralback1": { "type": "data_node", "http_api_address": "centralback1", "transport_address": "centralback1", "bind_address": "_ens3_", "rack_id": "1", "local_credentials_dir": "./security/centralback1", "admin_pemkey_name": "admin.pem", "admin_pemcert_name": "admin.crt", "ssl_pemkey_name": "server.pem", "ssl_pemcert_name": "server.crt", "temporary_directory": "/data/elasticsearch/tmp" } }, "http_api_port": 9200, "transport_port": 9300, "temporary_directory": "/data/elasticsearch/tmp", "minimum_master_nodes": 1, "settings_by_type": { "data_node": { "max_memory": "1G", "modsecurity_enabled": false, "modsecurity_blocking_requests": false, "script_execution_authorized": true, "http_cors_enabled": true, "readonly": false } }, "plugins": { "opendistro_security": { "opendistro_security_version": "1.13.1.0", "ssl_http_enabled": true, "ssl_http_clientauth_mode": "REQUIRE", "authcz_admin_dn": [ "CN=centralback1-admin,OU=Punchplatform,O=Thales,L=Paris,ST=IDF,C=FR" ], "nodes_dn": [ "CN=centralback1,OU=Punchplatform,O=Thales,L=Paris,ST=IDF,C=FR" ], "kibana_index": ".kibana" } } }, "es_monitoring": { "nodes": { "centralback2": { "type": "data_node", "http_api_address": "centralback2", "transport_address": "centralback2", "bind_address": "_ens3_", "rack_id": "2", "local_credentials_dir": "./security/centralback2", "admin_pemkey_name": "admin.pem", "admin_pemcert_name": "admin.crt", "ssl_pemkey_name": "server.pem", "ssl_pemcert_name": "server.crt", "temporary_directory": "/data/elasticsearch/tmp" } }, "http_api_port": 9200, "transport_port": 9300, "minimum_master_nodes": 1, "settings_by_type": { "data_node": { "max_memory": "512m", "modsecurity_enabled": false, "modsecurity_blocking_requests": false, "script_execution_authorized": true, "http_cors_enabled": true, "readonly": false } }, "plugins": { "opendistro_security": { "opendistro_security_version": "1.13.1.0", "ssl_http_enabled": true, "ssl_http_clientauth_mode": "REQUIRE", "authcz_admin_dn": [ "CN=centralback2-admin,OU=Punchplatform,O=Thales,L=Paris,ST=IDF,C=FR" ], "nodes_dn": [ "CN=centralback2,OU=Punchplatform,O=Thales,L=Paris,ST=IDF,C=FR" ], "kibana_index": ".kibana", "admin_pemcert_name": "admin.crt", "admin_pemkey_name": "admin.pem", "ssl_transport_pemcert_name": "server.crt", "ssl_transport_pemkey_name": "server.pem" } } } } }, "kibana": { "kibana_version": "7.10.2", "domains": { "admin-data": { "es_cluster_target": "es_data", "es_type_of_nodes_targeted": "data_node", "kibana_port": 5601, "type": "administration", "index": ".kibana", "servers": [ "centralback1", "centralback2" ], "server_ssl_enabled": true, "server_ssl_key_name": "server.pem", "server_ssl_certificate_name": "server.crt", "elasticsearch_ssl_enabled": true, "elasticsearch_ssl_verificationMode": "full", "elasticsearch_ssl_certificateAuthorities_names": [ "fullchain.crt" ] }, "admin-monitoring": { "es_cluster_target": "es_monitoring", "es_type_of_nodes_targeted": "data_node", "kibana_port": 5602, "type": "administration", "index": ".kibana", "servers": [ "centralback2" ], "server_ssl_enabled": true, "server_ssl_key_name": "server.pem", "server_ssl_certificate_name": "server.crt", "elasticsearch_ssl_enabled": true, "elasticsearch_ssl_verificationMode": "full", "elasticsearch_ssl_certificateAuthorities_names": [ "fullchain.crt" ] } }, "plugins": { "opendistro_security": { "opendistro_security_version": "1.13.0.1" }, "data_extraction": { "version": "1.2.5", "enabled": true, "use_legacy": false, "tenant": "reftenant", "rest_api": { "hosts": [ "https://centralback1:4242", "https://centralback2:4242" ], "ssl_enabled": true } }, "punchplatform_feedback": { "punchplatform_feedback_version": "2.1.3", "tenant": "reftenant" }, "punch_documentation": { "version": "1.0.3", "documentation_version": "6.4.5" } }, "servers": { "centralback1": { "address": "217.182.140.108" }, "centralback2": { "address": "149.202.189.157" } } }, "punchplatform_operator": { "punchplatform_operator_environment_version": "punch-operator-6.4.5", "configuration_name_dir_from_home": "central-runtime-conf", "operators_username": [ "punch-operator" ], "servers": { "centralback1": {} }, "storage": { "type": "kafka", "kafka_cluster": "kafka_back" }, "custom_additional_credentials_files": [ "server.pem", "server.crt", "server.jks", "fullchain-collector.crt" ], "custom_secrets_file": "operator_secrets.json", "reporters": [ "central_reporter" ] }, "gateway": { "gateway_version": "6.4.5", "clusters": { "gateway_main": { "tenant": "reftenant", "modsecurity_enabled": false, "channel_management_enabled": false, "puncher_enabled": true, "punchline_enabled": true, "servers": { "centralback1": { "inet_address": "centralback1", "port": 4242, "ssl": { "ssl_client_auth": "need", "key_store_name": "server-gateway.jks", "key_store_type": "JKS", "key_alias": "centralback1", "server_key_store_password": "@{DEPLOYMENT_SECRETS.gateway.keystore_password}", "local_credentials_dir": "./security/centralback1", "custom_secrets_file": "gateway_secrets.json", "client_ca_name": "fullchain.crt", "client_private_key_name": "server.pem", "client_certificate_name": "server.crt" } }, "centralback2": { "inet_address": "centralback2", "port": 4242, "ssl": { "ssl_client_auth": "need", "key_store_name": "server-gateway.jks", "key_store_type": "JKS", "key_alias": "centralback2", "server_key_store_password": "@{DEPLOYMENT_SECRETS.gateway.keystore_password}", "local_credentials_dir": "./security/centralback2", "custom_secrets_file": "gateway_secrets.json", "client_ca_name": "fullchain.crt", "client_private_key_name": "server.pem", "client_certificate_name": "server.crt" } } }, "elasticsearch": { "data_cluster": { "cluster_id": "es_data", "hosts": [ "centralback1:9200" ], "settings": [ "es.index.read.missing.as.empty: yes", "es.nodes.discovery: true" ], "metrics_credentials": { "user": "@{DEPLOYMENT_SECRETS.elasticsearch.username}", "password": "@{DEPLOYMENT_SECRETS.elasticsearch.password}" } }, "metric_cluster": { "cluster_id": "es_monitoring", "hosts": [ "centralback2:9200" ], "index_name": "reftenant-gateway-logs", "settings": [ "es.index.read.missing.as.empty: yes", "es.nodes.discovery: true" ], "credentials": { "user": "@{DEPLOYMENT_SECRETS.elasticsearch.username}", "password": "@{DEPLOYMENT_SECRETS.elasticsearch.password}" } } }, "services": { "extraction": { "formats": [ "csv", "json" ] } }, "resources": { "doc_dir": "/data/doc", "archives_dir": "/data/archives", "punchlines_dir": "/data/punchlines", "manager": { "metadata": [ { "type": "elasticsearch", "hosts": [ "centralback2:9200" ], "index": "resources-metadata", "credentials": { "user": "@{DEPLOYMENT_SECRETS.elasticsearch.username}", "password": "@{DEPLOYMENT_SECRETS.elasticsearch.password}" } } ], "data": [ { "type": "file", "root_path": "/data/punchplatform/resources" } ] } }, "reporters": [ "central_reporter" ] } } }, "metricbeat": { "metricbeat_version": "7.10.2", "modules": { "system": { "high_frequency_system_metrics": { "metricsets": [ "cpu", "load", "memory" ], "reporting_interval": "1m" }, "normal_frequency_system_metrics": { "metricsets": [ "fsstat" ], "reporting_interval": "5m" }, "slow_frequency_system_metrics": { "metricsets": [ "uptime" ], "reporting_interval": "1h" } } }, "elasticsearch": { "cluster_id": "es_monitoring", "ssl_enabled": "true" }, "elasticsearch_user": "@{DEPLOYMENT_SECRETS.elasticsearch.username}", "elasticsearch_password": "@{DEPLOYMENT_SECRETS.elasticsearch.password}", "elasticsearch_certificate_name": "server.crt", "elasticsearch_private_key_name": "server.pem" } }